66 description : " Whether to also run 'snyk monitor'"
77 required : false
88 default : " false"
9- projectPrefix :
10- description : " Project prefix for Snyk dashboard and SARIF naming (e.g., 'strimzi')"
9+ scanName :
10+ description : " Name used for SARIF file naming, upload category, and tool display name (e.g., 'strimzi')"
1111 required : true
1212 uploadToCodeScanning :
1313 description : " Whether to upload SARIF results to GitHub Code Scanning"
3535 snyk test \
3636 --all-projects \
3737 $EXCLUDE_FLAG \
38- --sarif-file-output=snyk-maven-${{ inputs.projectPrefix }}.sarif \
38+ --sarif-file-output=snyk-maven-${{ inputs.scanName }}.sarif \
3939 --json-file-output=snyk-results.json
4040
4141 # This is used to set severity score to 0.0 for those results that has empty value for it.
@@ -44,10 +44,10 @@ runs:
4444 - name : Sanitize SARIF security-severity values
4545 shell : bash
4646 run : |
47- SARIF_FILE="snyk-maven-${{ inputs.projectPrefix }}.sarif"
47+ SARIF_FILE="snyk-maven-${{ inputs.scanName }}.sarif"
4848 if [ -f "$SARIF_FILE" ]; then
49- jq '
50- (.runs[].tool.driver.name) = "Snyk Maven" |
49+ jq --arg name "Snyk Maven (${{ inputs.scanName }})" '
50+ (.runs[].tool.driver.name) = $name |
5151 (.runs[].tool.driver.rules[]?.properties."security-severity") |=
5252 if . == null or . == "undefined" or (tostring | test("^[0-9]") | not) then "0.0"
5353 else .
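Review bot: `${{ inputs.scanName }}` is expanded into the text of the `run:` script on new lines 47 and 49 before bash starts, so a value containing a quote, `$(...)` or a newline changes the command itself rather than just the file name. Using `jq --arg` keeps the value out of the jq program, but not out of the shell line that builds the argument. Pass the input through the step environment instead: add an `env:` entry `SCAN_NAME: ${{ inputs.scanName }}` to the step, then use `SARIF_FILE="snyk-maven-${SCAN_NAME}.sarif"` and `jq --arg name "Snyk Maven (${SCAN_NAME})" '`. The same inline expansion appears in the `snyk test` command at new line 38. How exposed this is depends on whether any caller derives `scanName` from untrusted data such as a branch name or PR title, which is not visible here; the step's jq filter also continues past the end of this hunk.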
@@ -58,16 +58,16 @@ runs:
5858 uses : github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
5959 if : ${{ always() && inputs.uploadToCodeScanning == 'true' }}
6060 with :
61- sarif_file : snyk-maven-${{ inputs.projectPrefix }}.sarif
62- category : snyk-maven-${{ inputs.projectPrefix }}
61+ sarif_file : snyk-maven-${{ inputs.scanName }}.sarif
62+ category : snyk-maven-${{ inputs.scanName }}
6363 wait-for-processing : true
6464
6565 - name : Upload SARIF as workflow artifact
6666 uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
6767 if : always()
6868 with :
69- name : snyk-maven-${{ inputs.projectPrefix }}.sarif
70- path : snyk-maven-${{ inputs.projectPrefix }}.sarif
69+ name : snyk-maven-${{ inputs.scanName }}.sarif
70+ path : snyk-maven-${{ inputs.scanName }}.sarif
7171 retention-days : 30
7272
7373 # Monitor command is used for upload snapshot of the scan to Snyk App where Snyk will do daily scans and can generate reports